[OmniOS-discuss] vlan and vnic
Dale Ghent
daleg at omniti.com
Thu Sep 29 06:43:54 UTC 2016
> On Sep 28, 2016, at 8:12 PM, Michael Rasmussen <mir at miras.org> wrote:
>
> Hi all,
>
> I have been wondering what is the best way to create vlans in omnios.
> use dladm create-vlan and assign IP to the vlan
> or
> use dladm create-vnic with a vlan tag and assign IP to the vnic
>
> What are the pros and cons of each?
Functionally as far as VLANs go, they are equivalent. However, VNICs make things more flexible.
VNICs can consume an aggregated set of physical interfaces, or a single physical interface. VNICs in turn can be assigned to Zones.
Here's an operational example that we use:
1) 2 physical interfaces: igb0 and igb1
2) igb0 and igb1 are made into an aggregated NIC we will name "aggr0" (dladm create-aggr ... aggr0)
Now we have a redundant Layer 2. On the switch, we assign the ports these are connected to all the tagged VLANs that should participate.
3) For the global zone, we make a new VNIC from that aggr. Let's say the global zone's interface is on vlan 5. Thus, we do:
gz# dladm create-vnic -d aggr0 -v 5 global0
Okay, good. Now the global zone has its interface (named "global0"); now you just assign it an IP and default route and all that using the standard commands (ipadm, route -p add ...). If you don't have more than 1 physical interface, then you can ignore those first 3 steps.
4) Now we have some zones we want to add, but they need to talk to other VLANs, because VLAN 5 that the global zone is on is a private network that they should not see. Well, we create a VNIC for each zone and assign it to the zone with zonecfg:
gz# dladm create-vnic -d aggr0 -v 20 foozone0
gz# zonecfg -z foozone
zonecfg:foozone> add net
zonecfg:foozone> set physical=foozone0
...
Now the zone "foozone" will have its own "NIC" that can participate only on VLAN 20.
/dale